Lucene search
K

66 matches found

EUVD
EUVD
added 2025/12/23 6:46 p.m.7 views

EUVD-2025-204849

LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs...

9.3CVSS6.8AI score0.1383EPSS
Exploits5References8
OSV
OSV
added 2025/12/23 6:46 p.m.21 views

GHSA-C67J-W6G6-Q2CM LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...

9.3CVSS6.2AI score0.1383EPSS
Exploits5References9
EUVD
EUVD
added 2025/12/13 6:30 p.m.4 views

EUVD-2025-203255

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...

8.6CVSS6.4AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2025/12/13 4:16 p.m.6 views

CVE-2025-36753

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...

9.8CVSS5.8AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51102

The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...

8.6CVSS6.9AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-2456

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00737EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2441

Malicious code in bioql PyPI...

8.3CVSS8.3AI score0.01097EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-4348

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00946EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5740

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00946EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2747

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01172EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-4804

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.02366EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0515

Malicious code in bioql PyPI...

9.8CVSS9AI score0.01314EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1574

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01314EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 3:21 a.m.9 views

CVE-2023-24429

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

9.8CVSS6.7AI score0.01314EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:20 p.m.9 views

CVE-2021-23207

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating user...

6.5CVSS6.7AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 a.m.7 views

CVE-2019-10466

An XML external entities XXE vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...

8.1CVSS6.7AI score0.01002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.10 views

CVE-2019-10327

An XML external entities XXE vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...

8.1CVSS6.7AI score0.01467EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/04/17 12:0 a.m.4 views

Chypnosis: Stealthy Secret Extraction Using Undervolting-Based Static Side-Channel Attacks

There is a growing class of static physical side-channel attacks that allow adversaries to extract secrets by probing the persistent state of a circuit. Techniques such as laser logic state imaging LLSI, impedance analysis IA, and static power analysis fall into this category. These attacks requi...

6.5AI score
Exploits0
OSV
OSV
added 2025/03/14 7:55 p.m.8 views

GHSA-R8GC-QC2C-C7VH Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Description: The secureredundantexecution function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist: 1. Python's execution environment cannot guarantee true isolation between...

5.4CVSS6.7AI score0.00178EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/03/14 7:55 p.m.15 views

Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Description: The secureredundantexecution function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist: 1. Python's execution environment cannot guarantee true isolation between...

5.4CVSS6.7AI score0.00178EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder